Mandriva Advisories

Package name: postgresql
Date: February 6th, 2007
Advisory ID: MDKSA-2007:037
Affected versions: CS3.0, 2006.0, 2007.0, CS4.0
Synopsis: Updated postgresql packages address multiple vulnerabilities

Problem Description

Jeff Trout discovered that the PostgreSQL server did not sufficiently
check data types of SQL function arguments in some cases. A user could
then exploit this to crash the database server or read out arbitrary
locations of the server's memory, which could be used to retrieve
database contents that the user should not be able to see. Note that a
user must be authenticated in order to exploit this (CVE-2007-0555).

Jeff Trout also discovered that the query planner did not verify that
a table was still compatible with a previously generated query plan,
which could be exploited to read out arbitrary locations of the
server's memory by using ALTER COLUMN TYPE during query execution.
Again, a user must be authenticated in order to exploit this
(CVE-2007-0556).

Updated packages have been patched to correct these issues.

Updated Packages

Corporate Server 3.0


Corporate Server 3.0/X86_64


Mandriva Linux 2006


Mandriva Linux 2006/X86_64


Mandriva Linux 2007


Mandriva Linux 2007/X86_64


Corporate Server 4.0


Corporate Server 4.0/X86_64


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0556
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0555

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, verification of the MD5 checksum and GPG signature is performed automatically for you.
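
An added example, not part of the original advisory: `rpm --checksig` can print OK for a package that carries intact digests but no verified signature, so a pre-install gate should check what was actually verified. The function names are hypothetical and the sample lines are constructed, in the formats rpm prints (older and newer rpm releases word them differently).

```sh
#!/bin/sh
# Added example: gate installation on what `rpm --checksig` actually verified.
# Function names and sample lines are constructed for illustration.

# Classify one output line. Prints: signed-ok | digest-only | failed
classify_checksig() {
    result=${1#*: }                 # drop the "package.rpm: " prefix
    case "$result" in
        *"NOT OK"*) echo failed; return 0 ;;  # bad digest/signature or missing key
        *OK) ;;                               # passed so far, inspect tokens below
        *) echo failed; return 0 ;;           # unexpected output: fail closed
    esac
    # Lowercase tokens are checks that passed; require a signature among them.
    case " $result " in
        *" gpg "*|*" pgp "*|*" dsa "*|*" rsa "*|*" signatures "*) echo signed-ok ;;
        *) echo digest-only ;;                # intact file, but no signature verified
    esac
}

# Succeeds only if rpm reports a verified signature for the package.
verify_rpm() {
    out=$(LC_ALL=C rpm --checksig "$1" 2>&1) || true
    [ "$(classify_checksig "$out")" = signed-ok ]
}

# Constructed sample lines (package name and key ID are placeholders).
while IFS= read -r line; do
    printf '%-12s %s\n' "$(classify_checksig "$line")" "$line"
done <<'EOF'
example-1.0-1.i586.rpm: (sha1) dsa sha1 md5 gpg OK
example-1.0-1.i586.rpm: sha1 md5 OK
example-1.0-1.i586.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#00000000)
example-1.0-1.i586.rpm: digests signatures OK
example-1.0-1.i586.rpm: digests OK
EOF
```

Use it as `verify_rpm package.rpm && rpm -Uvh package.rpm` once the Mandriva Security Team key has been imported; without the key the signature cannot be verified and the gate fails.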